storing passwords in cookies



Jason

I have a .NET application with forms authentication. I
need to store the password entered at the login screen for
later use. I can either store it in a session object or in
the forms authentication ticket. I think the ticket is the
right place because the password is a property of the
user, and therefore part of the identity. I know it will
be encrypted before it is written to the cookie but is
this the right answer? How safe is the password?
 


Cowboy (Gregory A. Beamer)

Anytime you send something out to the client, there is a possibility of
compromise. While it is slim, you should consider it. In general, I create a
user object and use it to store reused variables. It can be placed in
session. I would not put the password, as you should not need it again.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

**********************************************************************
Think Outside the Box!
**********************************************************************
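
The approach from the answer above, as an added example that is not code from either poster: a user object held in session for reused values, with the password checked once at login and kept out of both the session and the forms authentication ticket. `UserContext`, `LoginHelper`, the session key and the use of the ASP.NET Membership provider as the credential store are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical per-user object: values reused across requests, never the password.
[Serializable]
public sealed class UserContext
{
    public string UserName { get; set; }
    public string Email { get; set; }
    public DateTime SignedInUtc { get; set; }
}

public static class LoginHelper
{
    private const string SessionKey = "UserContext"; // assumed key name

    // Called from the login page's submit handler.
    public static bool SignIn(HttpContext ctx, string userName, string password)
    {
        // The password is used here once, to validate, and is not kept anywhere.
        // Assumption: credentials live in the configured Membership provider.
        if (!Membership.ValidateUser(userName, password))
            return false;

        MembershipUser user = Membership.GetUser(userName);

        // Server-side session state holds only non-secret, reusable values.
        ctx.Session[SessionKey] = new UserContext
        {
            UserName = userName,
            Email = user != null ? user.Email : null,
            SignedInUtc = DateTime.UtcNow
        };

        // The ticket sent to the client identifies the user by name only;
        // nothing is placed in its UserData field.
        FormsAuthentication.SetAuthCookie(userName, false);
        return true;
    }

    // Returns null when the session has expired; callers should then
    // rebuild the object from User.Identity.Name or redirect to login.
    public static UserContext Current(HttpContext ctx)
    {
        return ctx.Session[SessionKey] as UserContext;
    }
}
```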
 
